Merge next into main for "next" release prep#260
Open
data-douser wants to merge 16 commits intomainfrom
Open
Conversation
…th Go implementation (#223) * Initial plan * Phase 1: Update documentation and GitHub config for Go-based client Update all .github config files, documentation, workflows, and package.json to reflect the intended Go-based ql-mcp-client architecture. No Go source code is introduced — only documentation, config, and a stub Makefile. - Create .github/instructions/client_go.instructions.md for Go conventions - Update client_src_js.instructions.md to Go guidance - Update client_integration_tests.instructions.md for Go test runner - Update agent files to reference Go client instead of JS client - Update ql-mcp-server-fix-build-and-test.prompt.md with make commands - Add actions/setup-go to CI workflows - Rewrite client/README.md and CLI-USAGE.md for gh-ql-mcp-client - Update client/integration-tests/README.md for Go test runner - Update docs/testing.md to describe Go MCP client - Update package.json to use make -C client targets, remove client workspace - Add stub client/Makefile with go.mod-conditional targets Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/f5595942-48af-4847-8d28-fba34a17ba76 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Update client/.gitignore for go ql-mcp-client * Replace JavaScript client with Go binary and integration test runner (#221) * Initial plan * Replace JavaScript client with Go binary and integration test runner - Remove client/src/ directory with all JS files (ql-mcp-client.js and 14 library modules) - Remove client/package.json and client/eslint.config.mjs - Add Go module (go.mod, go.sum) with cobra and mcp-go dependencies - Add CLI entry point (main.go) and root Cobra command (cmd/root.go) - Add CLI helpers (cmd/helpers.go) and integration test command (cmd/integration_tests.go) - Add MCP client library (internal/mcp/client.go) with stdio and HTTP transport - Add integration test runner (internal/testing/runner.go, params.go) - Add comprehensive unit tests for all packages (16 tests, all passing) - Update Makefile to remove go.mod guards (Go source now available) - Update run-integration-tests.sh to build and use Go binary - Update test-config.json logDir paths for custom_log_directory tests Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8c006672-cf7e-4045-9488-f6d97fafe2f2 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Final validation complete Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8c006672-cf7e-4045-9488-f6d97fafe2f2 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Revert unrelated go.mod changes in server/ql/go/tools/test/ Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8c006672-cf7e-4045-9488-f6d97fafe2f2 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Replace actual repo reference with placeholder in helpers_test.go Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/86c1cb26-2977-409f-ace0-aabc4fc9cee7 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Remove client_src_js.instructions.md * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Address PR review feedback * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Improve ql-mcp-client from PR feedback * Fix "--no-install-packs" in client integration test runner * Fixes for failing client integration tests * Fix extension mcp-tool-e2e.integration.test.ts * More fixes for PR review feedback * Fix client-integration-tests.yml Windows job * More fixes for PR review feedback * Updates for compatibility with main-merged PRs * Fix client-integration-tests for extract dbs * Address PR review feedback: fix Close() kill, remove enableAnnotationTools setting, record skipped results, fix schema default, clarify changelog Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/a90a53a5-b2ad-4775-8b61-f11d16b33749 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Revert test-integration to skip pack install by default, add test-integration-with-packs for explicit pack setup Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/a90a53a5-b2ad-4775-8b61-f11d16b33749 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Address review thread 4071470992: path check, changelog, timeout help, error message, cross-platform test, output path sandboxing Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/0666a5dd-b460-4e6e-9749-f729c46f0b62 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…rompt` subcommands with shared primitives library (#233)
…ments, `gh` extension packaging (#234) * Initial plan * feat: Phase 3(B) — Code Scanning lifecycle, SARIF enhancements, and gh extension packaging Add Code Scanning subcommands (list-analyses, list-alerts, download-analysis) and SARIF parent subcommand to gh-ql-mcp-client. Add GitHub REST API client using go-gh for Code Scanning endpoints. Enhance SARIF tools with fingerprint overlap mode, sarif_store for session cache ingest, and sarif_deduplicate_rules for cross-file rule deduplication. Add comprehensive tests for all new functionality. Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/3c78cc29-8614-47cd-ad94-534e60fd6ab1 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Fix hanging client int test for windows stdio * fix: address review feedback — sarifClient race, dedup formula comment, handler tests 1. Fix data race in sarifClient() by replacing nil-check with sync.Once 2. Add clarifying comment on overlap scoring formula in sarif_deduplicate_rules 3. Add 3 handler-level tests for sarif_deduplicate_rules (overlap detection, no-overlap, missing input error) Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/7aefb02d-b415-49ed-87da-f03d9f4a2b3d Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * fix: address automated review feedback — error message, fingerprint response, dedup perf, changelog links 1. loadSarif error message updated to source-agnostic "No SARIF source provided" 2. sarif_compare_alerts response now includes fingerprintMatch/matchedFingerprints in fingerprint mode 3. sarif_deduplicate_rules precomputes per-rule extracted results before pairwise loop 4. CHANGELOG entries corrected: partialFingerprints → fingerprint, added PR #234 links Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/85233122-a70c-49a6-a247-fb01f4da6946 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * fix: use actual sarifPath in cache databasePath, stable queryName for sarif_store Stores the actual SARIF file path (or 'inline') in databasePath and uses a stable 'sarif_store' as queryName, instead of overloading both with the user-provided label. Rebuilt server dist. Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/81b6fb38-6dd7-45f0-ac7f-d8b5e1625eb9 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Co-authored-by: Nathan Randall <data-douser@github.com>
…ault with `.dil` file persistence (#235) * Initial plan * feat: enable --dump-dil by default for codeql_query_compile tool Add dump-dil parameter to the codeql_query_compile tool inputSchema and inject --dump-dil by default in registerCLITool handler unless explicitly disabled via dump-dil: false or --no-dump-dil in additionalArgs. Includes server unit tests and client integration test improvements. Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/7a489b70-8f73-406f-9a75-e8a15951cde2 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * feat: persist DIL output to a .dil file for codeql_query_compile After successful compilation with --dump-dil, extract the DIL content from stdout and save it to a dedicated .dil file in a log directory. The file path is appended to the tool response. - Add logDir parameter to codeql_query_compile tool - Create log directory and write .dil file post-execution - Add server unit tests for DIL file persistence - Update integration test assertions to verify DIL file output Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/7ba868e5-1215-4130-bc06-10dfb15ebf14 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Address PR #234 review feedback * Fix compile_query client integration test * Address PR #235 review feedback Address PR #235 review comments for codeql_query_compile DIL persistence: - Reorder path imports alphabetically (basename, delimiter, dirname, ...) - Update logDir description to match pattern used by query-run, test-run, and database-analyze (mentions CODEQL_QUERY_LOG_DIR and default path) - Defer compile log directory creation to post-execution so failed compilations do not leave empty directories behind - Make DIL file test hermetic by controlling CODEQL_QUERY_LOG_DIR via a test-scoped temp directory and restoring it in a finally block - Add test verifying no empty log directory on compilation failure - Add test verifying logDir description matches other CLI tools * Regenerate package-lock.json after rebase --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Co-authored-by: Nathan Randall <data-douser@github.com>
…ing (#243) * Fixes for codeql_query_compile dump-dil Applies fixes and improves tests for codeql_query_compile MCP tool related to --dump-dil versus --no-dump-dil arg handling. * Address PR #243 review feedback * Update server/test/src/lib/cli-tool-registry.test.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Upgrade NodeJS dependencies across workspaces * Update extension "engines.vscode" to "^1.115.0" Updates the minimum required "engines.vscode" version from "^1.110.0" to "^1.115.0" in order to align with newer @types/vscode. * Update minimum required NodeJS version to "^25.6.0" * Regenerate package-lock.json to fix build * Sync server/dist/ * Update extensions/vscode/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Update devcontainer.json for Node 24->25 upgrade * Sync server/dist/** * Update client/README.md Node.js prerequisite to v25.6.0 * Update CHANGELOG.md with dependency upgrades from #240 --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…on tool (#236) * Initial plan * feat: add sarif_diff_by_commits tool for SARIF-to-git-diff correlation Implements a new MCP tool that accepts a SARIF file path and git ref range, partitions SARIF results into "new" vs "pre-existing" based on file-level or line-level overlap with the git diff, and returns structured output for triage workflows. - Add diffSarifByCommits() pure utility in sarif-utils.ts with types - Register sarif_diff_by_commits tool in sarif-tools.ts - Add parseGitDiffOutput() helper for unified diff parsing - Add 14 unit tests for diffSarifByCommits() utility - Add 5 unit tests for sarif_diff_by_commits tool handler - Update server-tools.md documentation - Update tool registration count from 7 to 8 Closes #209 Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8abb21bb-8877-4628-90da-36ffc8eeb742 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * feat: add client integration test for sarif_diff_by_commits - Add sarif_diff_by_commits case to Go params.go test runner - Add Go unit test for param resolution (params_test.go) - Create file_level_classification integration test fixture with: - SARIF with 3 results across 2 rules - HEAD..HEAD ref range (empty diff → all pre-existing) - Assertions validating totalNew=0, totalPreExisting=3 - before/after directories with SARIF and monitoring state Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/edb1fae4-1f49-44f9-af31-71483b674da7 Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Apply lint/format & rebuild server/dist/ * [UPDATE PRIMITIVE] `sarif_diff_by_commits` — refRange validation, file path improvement, test mock fix (#242) * Initial plan * Fix PR #236 review comments: refRange validation, ClassifiedResult.file, test mocking 1. Validate refRange in sarif_diff_by_commits to reject strings starting with '-' or containing whitespace (prevents git option injection). 2. Use matchingDiff.path for ClassifiedResult.file when a diff match exists, falling back to normalizeUri(uri) only for unmatched results (produces repo-relative paths instead of long file:// URI paths). 3. Replace vi.doMock with module-scope vi.mock + shared mockExecuteCLICommand to prevent module-cache flakiness in sarif_diff_by_commits handler tests. Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/1960960b-9658-44b5-87d8-bc29cc55a5ef Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Extend client tests -> sarif_diff_by_commits tool * fix: address unresolved PR review comments - Fix deletion-only hunk misclassification in line-level granularity by adding hunksParsed flag to DiffFileEntry; parseGitDiffOutput sets it when @@ headers are seen, and diffSarifByCommits uses it to distinguish "no hunk info" from "deletion-only" diffs - Precompute normalized diff paths once before the results loop, removing the unused diffPathMatchesSarifUri wrapper - Migrate all params_test.go from t.TempDir() to project-local .tmp/ - Add regression tests for deletion-only diffs in unit and handler tests --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Co-authored-by: Nathan Randall <data-douser@github.com>
… before running client integration tests (#248) * refactor: rename client workflow and add build job - Rename client-integration-tests.yml to build-and-test-client.yml to match existing patterns (build-and-test-extension.yml, build-server.yml) - Add build-and-test-client job: fast Go build + unit tests + lint on ubuntu/windows (no CodeQL required), gates integration tests via needs: - Simplify step names (drop verbose "MCP Integration Tests -" prefix) - Add make -C client build to root npm run build script - Update SKILL.md reference to new workflow filename * Address PR review feedback * Another fix for client build on windows
* Release v2.25.1-next.3: update versions to 2.25.1-next.3 * Upgrade Node dependencies for next branch * Downgrade @types/node for extensions/vscode/package.json * Sync package-lock.json to fix build-and-test --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
data-douser
added
documentation
![github-license-compliance[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
Contributor
Dependency ReviewThe following issues were found:
|
Contributor
There was a problem hiding this comment.
Pull request overview
Merges next into main to prepare for the v2.25.3 release, including the migration from the legacy JS integration-test client to the new Go-based gh-ql-mcp-client, plus related CI/docs updates.
Changes:
- Replace the legacy JS client with a Go CLI (
gh-ql-mcp-client) and update integration test workflows/fixtures accordingly. - Enable annotation/audit/cache tools by default and update server + VS Code extension behavior/tests/docs to match.
- Extend CodeQL CLI tooling (notably
codeql_query_compile) and tighten log-directory validation.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/tools/codeql/search-ql-code.test.ts | Adds test coverage for runtime changes to scan-exclude env var handling. |
| server/test/src/tools/codeql/query-compile.test.ts | Adds unit tests for codeql_query_compile tool definition/schema. |
| server/test/src/tools/cache-tools.test.ts | Updates tool registration tests for always-on cache tools. |
| server/test/src/tools/audit-tools.test.ts | Updates tool registration tests for always-on audit tools. |
| server/test/src/tools/annotation-tools.test.ts | Updates tool registration tests for always-on annotation tools. |
| server/test/src/lib/log-directory-manager.test.ts | Adds regression coverage for logDir base-prefix edge case. |
| server/src/types/monitoring.ts | Changes enableAnnotationTools default + semantics comment. |
| server/src/tools/codeql/search-ql-code.ts | Re-reads scan exclude dirs per call instead of caching at module load. |
| server/src/tools/codeql/query-compile.ts | Adds dump-dil/logDir inputs and updates tool description/examples. |
| server/src/tools/cache-tools.ts | Removes opt-in gating so cache tools are always registered. |
| server/src/tools/audit-tools.ts | Removes opt-in gating so audit tools are always registered. |
| server/src/tools/annotation-tools.ts | Removes opt-in gating so annotation tools are always registered. |
| server/src/resources/server-tools.md | Updates SARIF tools table and workflow ordering. |
| server/src/lib/session-data-manager.ts | Defaults ENABLE_ANNOTATION_TOOLS to true. |
| server/src/lib/log-directory-manager.ts | Switches base-dir containment check to path.relative() logic. |
| server/src/lib/cli-tool-registry.ts | Adds default --dump-dil behavior and persists DIL output for query compile. |
| server/scripts/extract-test-databases.sh | Optimizes default DB extraction scope for integration tests. |
| server/ql/go/tools/test/PrintAST/go.mod | Minor formatting adjustment. |
| server/ql/go/tools/test/CallGraphTo/go.mod | Adds go directive. |
| server/ql/go/tools/test/CallGraphFromTo/go.mod | Adds go directive. |
| server/ql/go/tools/test/CallGraphFrom/go.mod | Adds go directive. |
| server/package.json | Bumps minimum Node engine version. |
| server/README.md | Updates Node prerequisite version. |
| package.json | Removes client workspace; updates build/lint/test scripts to use make -C client. |
| extensions/vscode/test/suite/mcp-tool-e2e.integration.test.ts | Updates expected default tool surface (annotation/audit/cache now present). |
| extensions/vscode/test/bridge/environment-builder.test.ts | Updates env expectations after removing annotation-tools opt-in setting. |
| extensions/vscode/src/bridge/environment-builder.ts | Stops setting ENABLE_ANNOTATION_TOOLS; keeps default storage location behavior. |
| extensions/vscode/package.json | Bumps VS Code/Node engines; removes codeql-mcp.enableAnnotationTools setting. |
| extensions/vscode/README.md | Updates VS Code and Node prerequisites. |
| docs/testing.md | Updates testing-layer docs to use the Go client and new commands. |
| docs/public.md | Updates Node minimum version in public docs. |
| docs/getting-started.md | Updates Node minimum version. |
| client/src/lib/validate-source-root.js | Removes legacy JS client implementation. |
| client/src/lib/test-logger.js | Removes legacy JS client implementation. |
| client/src/lib/server-manager.js | Removes legacy JS client implementation. |
| client/src/lib/resolve-all-queries.js | Removes legacy JS client implementation. |
| client/src/lib/queries-filter-metadata.js | Removes legacy JS client implementation. |
| client/src/lib/process-query-metadata.js | Removes legacy JS client implementation. |
| client/src/lib/mcp-test-suite.js | Removes legacy JS client implementation. |
| client/src/lib/mcp-client-utils.js | Removes legacy JS client implementation. |
| client/src/lib/file-utils.js | Removes legacy JS client implementation. |
| client/src/lib/commands/metadata-commands.js | Removes legacy JS client implementation. |
| client/src/lib/commands/basic-commands.js | Removes legacy JS client implementation. |
| client/src/lib/command-handler.js | Removes legacy JS client implementation. |
| client/src/lib/cli-parser.js | Removes legacy JS client implementation. |
| client/src/lib/aggregate-query-metadata.js | Removes legacy JS client implementation. |
| client/scripts/start-server.sh | Aligns server tmp base with Go client integration-test expectations. |
| client/scripts/run-integration-tests.sh | Updates orchestration for Go client + new default tool surface. |
| client/package.json | Removes JS client package manifest. |
| client/main.go | Adds Go CLI entrypoint. |
| client/internal/mcp/client_test.go | Adds unit tests for MCP client timeouts/close behavior. |
| client/internal/github/types.go | Adds typed GitHub Code Scanning API models. |
| client/internal/github/client_test.go | Adds tests for GitHub client helpers/types. |
| client/internal/github/client.go | Adds GitHub Code Scanning REST client wrapper. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/test-config.json | Adds Go-runner style integration test config for sarif_diff_by_commits (line). |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/before/results.sarif | Adds SARIF fixture for sarif_diff_by_commits integration test. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/before/monitoring-state.json | Adds monitoring-state fixture for test directory completeness. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/after/results.sarif | Adds expected post-state fixture. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/after/monitoring-state.json | Adds expected monitoring-state fixture. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/line_level_classification/README.md | Documents the new integration test case. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/test-config.json | Adds Go-runner style integration test config for sarif_diff_by_commits (file). |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/before/results.sarif | Adds SARIF fixture for file-level classification test. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/before/monitoring-state.json | Adds monitoring-state fixture. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/after/results.sarif | Adds expected post-state fixture. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/after/monitoring-state.json | Adds expected monitoring-state fixture. |
| client/integration-tests/primitives/tools/sarif_diff_by_commits/file_level_classification/README.md | Documents the new integration test case. |
| client/integration-tests/primitives/tools/codeql_test_run/custom_log_directory/test-config.json | Updates logDir usage to {{tmpdir}}-based location. |
| client/integration-tests/primitives/tools/codeql_query_run/custom_log_directory/test-config.json | Updates logDir usage to {{tmpdir}}-based location. |
| client/integration-tests/primitives/tools/codeql_query_compile/compile_query/test-config.json | Adds integration test for query compile + DIL file output. |
| client/integration-tests/primitives/tools/codeql_query_compile/compile_query/before/test_query.ql | Removes unused fixture query file. |
| client/integration-tests/primitives/tools/codeql_query_compile/compile_query/before/codeql-pack.lock.yml | Removes unused fixture lockfile. |
| client/integration-tests/primitives/tools/codeql_query_compile/compile_query/after/test_query.ql | Removes unused expected fixture query file. |
| client/integration-tests/primitives/tools/codeql_bqrs_interpret/sarif_format/after/results.sarif | Updates expected SARIF output fixture content. |
| client/integration-tests/README.md | Updates integration-test contract to Go runner (test-config.json etc.). |
| client/go.mod | Introduces Go module for the new client. |
| client/eslint.config.mjs | Removes JS lint config for the removed JS client. |
| client/cmd/use_tool.go | Adds use tool command to call a single MCP tool. |
| client/cmd/use_test.go | Adds tests for use subcommands and arg parsing helpers. |
| client/cmd/use_resource.go | Adds use resource command to read a resource URI. |
| client/cmd/use_prompt.go | Adds use prompt command to get a prompt by name. |
| client/cmd/use.go | Adds use command group and key=value arg parsing helpers. |
| client/cmd/sarif.go | Adds sarif command group placeholder. |
| client/cmd/root_test.go | Adds tests for root command help/version/default flags. |
| client/cmd/root.go | Adds root Cobra command, global flags, and version. |
| client/cmd/list_test.go | Adds tests ensuring list commands appear in help output. |
| client/cmd/list.go | Adds list tools/prompts/resources commands (stdio/http). |
| client/cmd/integration_tests.go | Adds integration-tests command that runs fixtures against MCP server. |
| client/cmd/helpers_test.go | Adds tests for repo parsing helper. |
| client/cmd/helpers.go | Adds owner/repo parsing helper. |
| client/cmd/code_scanning_list_analyses.go | Adds Code Scanning analyses list command (GitHub REST). |
| client/cmd/code_scanning_list_alerts.go | Adds Code Scanning alerts list command (GitHub REST). |
| client/cmd/code_scanning_download_analysis.go | Adds analysis SARIF download command. |
| client/cmd/code_scanning.go | Adds code-scanning command group. |
| client/README.md | Rewrites client documentation for Go CLI usage and testing. |
| client/Makefile | Adds build/lint/test/cross-compile targets for Go client. |
| client/.gitignore | Updates ignore patterns for Go artifacts + legacy JS remnants. |
| README.md | Updates repo-wide Node minimum version. |
| CHANGELOG.md | Updates Unreleased notes for Go client + tool/default changes + version bumps. |
| .node-version | Bumps Node version used by tooling/CI. |
| .github/workflows/lint-and-format.yml | Adds Go setup step for lint/format workflow. |
| .github/skills/validate-ql-mcp-server-tools-queries/SKILL.md | Updates workflow reference to renamed CI file. |
| .github/prompts/ql-mcp-server-fix-build-and-test.prompt.md | Updates instructions to use Go client and new commands. |
| .github/instructions/client_src_js.instructions.md | Removes JS client instructions. |
| .github/instructions/client_integration_tests.instructions.md | Updates integration-test instructions for Go client runner. |
| .github/instructions/client_go.instructions.md | Adds Go client instructions. |
| .github/agents/ql-mcp-tool-tester.md | Updates agent guidance to use Go client. |
| .github/agents/ql-mcp-tool-developer.md | Updates developer agent guidance to use Go client. |
| .github/agents/ql-agent-skills-developer.md | Updates skill developer guide to use Go client list commands. |
| .github/actions/setup-codeql-environment/action.yml | Updates default Go version for setup action. |
| .devcontainer/devcontainer.json | Updates devcontainer Node image major version. |
Copilot's findings
- Files reviewed: 127/132 changed files
- Comments generated: 8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of Changes
Merges the changes from the
nextbranch -- and from the series ofv2.25.1-next.*andv2.25.2-next.*releases -- into themainbranch in preparation for integration into thev2.25.3release.Outline of Changes
Client migration and documentation updates:
client/src/**/*.js) and replaced them with new Go client instructions forclient/**/*.go, emphasizing modern Go practices, TDD, and the use of the.tmp/directory for temp files. [1] [2]gh-ql-mcp-client) for integration testing, tool validation, and manual testing, replacing references to the old JS client. [1] [2] [3]Continuous Integration and workflow improvements:
build-and-test-client.yml, splitting out build/lint/unit test steps for the Go client and updating integration test jobs to use the Go client, not the JS client. [1] [2] [3]Testing and integration test process:
make -C client testandtest-config.jsonfor test arguments, aligning with the Go client's test runner.Dependency and environment updates:
Minor documentation fixes:
These changes collectively ensure that all development, testing, and CI processes use the new Go-based client, streamline developer onboarding, and improve reliability and consistency across environments.